Description
A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A weakness in the IM‑Magic Partition Resizer up to version 7.9.0 affects the kernel driver MDA_NTDRV.sys. The driver exposes an unknown function with inadequate access controls, allowing a local attacker to manipulate kernel‑level operations. This gives the attacker the ability to execute code or perform actions with SYSTEM privileges. The flaw is classified as CWE‑266 and CWE‑284.

Affected Systems

All installations of IM‑Magic Partition Resizer up to version 7.9.0. The vulnerability pertains to the kernel driver component MDA_NTDRV.sys and is present in all builds of the product up to and including that version.

Risk and Exploitability

The vulnerability has a CVSS score of 8.5 and is not listed in the CISA KEV catalog. EPSS data is not available, but the public release of a working exploit indicates that the attack is feasible on systems where the product is installed. The exploit requires local access; it leverages improper privilege management to gain kernel‑level execution. Attackers would need to be able to run the driver or manipulate its usage to achieve the escalation.

Generated by OpenCVE AI on June 21, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade IM‑Magic Partition Resizer to a version that contains the fix for the kernel driver or apply any vendor‑supplied patch if available.
  • If no patch is available, uninstall the Partition Resizer tool and delete MDA_NTDRV.sys from the system to remove the exploitable driver.
  • Limit the set of local users who can install or run kernel drivers by tightening user rights and applying least‑privilege policies.

Generated by OpenCVE AI on June 21, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title IM-Magic Partition Resizer Kernel Driver MDA_NTDRV.sys access control
First Time appeared Im-magic
Im-magic partition Resizer
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:im-magic:partition_resizer:*:*:*:*:*:*:*:*
Vendors & Products Im-magic
Im-magic partition Resizer
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Im-magic Partition Resizer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-21T07:00:07.040Z

Reserved: 2026-06-20T09:41:41.728Z

Link: CVE-2026-12784

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T09:30:09Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-284

    Improper Access Control